Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CA8CF88E19B211EF869BFA50C4F9AE02.roa
File: CA8CF88E19B211EF869BFA50C4F9AE02.roa (raw, json)
Hash identifier: tkRlesAyZTmu8v/jrJ4MDE1HBmv4Qeo6ILMa9+k+JAs=
Subject key identifier: 6F:45:E1:B2:C6:41:C1:22:C4:1A:C2:2F:E2:45:65:47:51:81:36:E1
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 8C1A
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CA8CF88E19B211EF869BFA50C4F9AE02.roa
Signing time: Thu 30 May 2024 16:09:53 +0000
ROA not before: Thu 30 May 2024 16:09:53 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 138296
IP address blocks: 103.2.190.0/23 maxlen: 24
103.31.140.0/23 maxlen: 24
103.31.142.0/23 maxlen: 24
103.31.220.0/23 maxlen: 24
103.41.32.0/22 maxlen: 24
103.93.192.0/22 maxlen: 24
103.111.69.0/24 maxlen: 24
103.111.70.0/24 maxlen: 24
103.111.71.0/24 maxlen: 24
103.115.154.0/23 maxlen: 24
103.119.82.0/23 maxlen: 24
103.119.172.0/23 maxlen: 24
103.123.154.0/23 maxlen: 24
103.123.224.0/24 maxlen: 24
103.123.225.0/24 maxlen: 24
103.123.226.0/24 maxlen: 24
103.123.227.0/24 maxlen: 24
103.124.22.0/23 maxlen: 24
103.124.122.0/23 maxlen: 24
103.127.116.0/23 maxlen: 24
103.127.252.0/24 maxlen: 24
103.132.100.0/23 maxlen: 24
103.134.4.0/22 maxlen: 24
103.142.198.0/24 maxlen: 24
103.143.8.0/24 maxlen: 24
103.143.9.0/24 maxlen: 24
103.157.178.0/23 maxlen: 24
103.157.222.0/23 maxlen: 24
103.158.48.0/23 maxlen: 24
103.163.190.0/23 maxlen: 24
103.167.176.0/23 maxlen: 24
103.171.210.0/23 maxlen: 24
103.172.86.0/23 maxlen: 24
103.172.156.0/23 maxlen: 24
103.173.120.0/23 maxlen: 24
103.173.205.0/24 maxlen: 24
103.173.244.0/24 maxlen: 24
103.173.245.0/24 maxlen: 24
103.174.244.0/23 maxlen: 24
103.175.60.0/23 maxlen: 24
103.179.46.0/23 maxlen: 24
103.179.232.0/23 maxlen: 24
103.179.236.0/23 maxlen: 24
103.181.54.0/23 maxlen: 24
103.195.80.0/23 maxlen: 24
103.204.132.0/22 maxlen: 24
103.206.26.0/23 maxlen: 24
103.207.90.0/23 maxlen: 24
103.208.90.0/23 maxlen: 24
103.209.72.0/23 maxlen: 24
103.212.172.0/23 maxlen: 24
103.215.184.0/23 maxlen: 24
103.217.138.0/23 maxlen: 24
103.218.106.0/23 maxlen: 24
103.218.180.0/23 maxlen: 24
103.218.184.0/23 maxlen: 24
103.218.186.0/23 maxlen: 24
103.220.232.0/23 maxlen: 24
103.225.30.0/23 maxlen: 24
103.225.116.0/23 maxlen: 24
103.227.104.0/23 maxlen: 24
103.228.72.0/23 maxlen: 24
103.229.90.0/23 maxlen: 24
103.244.24.0/23 maxlen: 24
103.244.94.0/23 maxlen: 24
110.44.10.0/24 maxlen: 24
110.44.11.0/24 maxlen: 24
2001:df2:380::/48 maxlen: 48
2400:4fe0::/32 maxlen: 32
2404:58c0::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 35866 (0x8c1a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 30 16:09:53 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6658a4d1-34a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:d2:7a:76:72:62:fa:e1:93:a6:e4:ff:d2:6a:
92:3d:ce:cf:bb:78:cb:d9:8d:83:22:3c:a9:6c:53:
26:1d:b4:e5:16:b3:64:6f:52:3c:80:c5:7c:6d:69:
52:02:33:38:7c:74:88:f3:78:c6:e1:1e:06:db:d4:
2f:04:9e:f1:0b:d4:93:f8:bf:80:95:d2:75:ec:03:
53:59:03:22:d9:30:a1:fb:bf:24:4b:7f:da:86:57:
4d:26:46:37:d6:e5:ab:61:a5:ae:5b:b5:e0:4e:34:
03:70:83:e9:e4:1f:82:2e:04:a8:95:e9:7a:73:37:
36:49:8a:cf:d0:3a:bd:21:6c:08:27:ca:12:fb:84:
ed:a9:3e:17:8e:42:d8:0d:95:ef:12:64:13:db:b9:
ca:b9:2d:6c:6a:f8:b3:d0:2c:1f:c4:ef:29:a3:50:
c0:fc:fe:52:17:81:92:54:af:8a:92:da:6b:15:c0:
eb:50:86:9e:ab:bc:26:85:b6:c9:8b:32:e0:79:f4:
e0:d2:c0:78:a6:0e:27:3f:6f:49:eb:12:4d:f2:37:
5d:48:fa:1b:be:e1:35:e9:2d:ff:f2:91:0c:6a:86:
b6:db:42:f1:e6:cc:cb:cb:67:4a:92:01:42:35:3c:
c2:b8:07:ac:c0:e7:de:3f:b1:7f:7a:89:18:7d:0a:
29:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:45:E1:B2:C6:41:C1:22:C4:1A:C2:2F:E2:45:65:47:51:81:36:E1
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CA8CF88E19B211EF869BFA50C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.2.190.0/23
103.31.140.0/22
103.31.220.0/23
103.41.32.0/22
103.93.192.0/22
103.111.69.0-103.111.71.255
103.115.154.0/23
103.119.82.0/23
103.119.172.0/23
103.123.154.0/23
103.123.224.0/22
103.124.22.0/23
103.124.122.0/23
103.127.116.0/23
103.127.252.0/24
103.132.100.0/23
103.134.4.0/22
103.142.198.0/24
103.143.8.0/23
103.157.178.0/23
103.157.222.0/23
103.158.48.0/23
103.163.190.0/23
103.167.176.0/23
103.171.210.0/23
103.172.86.0/23
103.172.156.0/23
103.173.120.0/23
103.173.205.0/24
103.173.244.0/23
103.174.244.0/23
103.175.60.0/23
103.179.46.0/23
103.179.232.0/23
103.179.236.0/23
103.181.54.0/23
103.195.80.0/23
103.204.132.0/22
103.206.26.0/23
103.207.90.0/23
103.208.90.0/23
103.209.72.0/23
103.212.172.0/23
103.215.184.0/23
103.217.138.0/23
103.218.106.0/23
103.218.180.0/23
103.218.184.0/22
103.220.232.0/23
103.225.30.0/23
103.225.116.0/23
103.227.104.0/23
103.228.72.0/23
103.229.90.0/23
103.244.24.0/23
103.244.94.0/23
110.44.10.0/23
IPv6:
2001:df2:380::/48
2400:4fe0::/32
2404:58c0::/48
Signature Algorithm: sha256WithRSAEncryption
49:38:6e:bf:47:8a:6c:85:3b:76:45:9b:0a:b2:7e:6d:16:5f:
bf:83:b0:29:ca:81:35:1a:cc:60:9e:4d:b0:62:0c:9c:8b:ef:
9f:d3:ce:37:07:b6:20:f3:b7:25:4f:fe:94:ab:97:ca:4d:c0:
47:93:7b:5e:67:e2:94:e6:d7:a4:bc:29:ff:bb:9b:82:ca:1c:
23:3b:5c:f3:1d:40:7e:65:bf:71:6d:59:8b:55:5c:69:df:38:
e2:84:7a:f0:bf:22:d8:db:8f:96:b6:aa:8a:79:21:48:0e:6f:
c4:42:fb:5b:c3:99:95:b1:b0:ed:a4:6f:48:69:ad:fc:08:8a:
cc:a4:aa:4f:97:88:28:0e:b1:b7:b3:2b:ed:9b:be:d4:fc:24:
a0:4c:93:b1:53:7c:42:6e:5d:39:71:0c:33:b2:0f:9c:7d:ab:
2f:76:ef:e0:c0:93:6a:aa:24:c0:1e:33:b2:9b:95:9d:94:0d:
aa:dc:f4:f4:50:98:35:bb:05:65:35:51:ce:03:fd:c2:c0:7d:
72:28:36:f8:1b:26:98:26:69:e4:15:80:e3:b3:9c:f8:e6:66:
30:2e:fb:a5:c5:9f:81:a5:52:fd:50:35:fd:dd:09:d7:87:1f:
fe:c9:a8:a7:41:76:90:29:16:44:9f:7a:b4:75:49:22:5e:d8:
7d:08:1d:df
-----BEGIN CERTIFICATE-----
MIIG9TCCBd2gAwIBAgIDAIwaMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDUzMDE2MDk1M1oXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjY1OGE0ZDEtMzRhMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK/SenZyYvrhk6bk/9Jqkj3Oz7t4y9mNgyI8qWxTJh205RazZG9SPIDFfG1p
UgIzOHx0iPN4xuEeBtvULwSe8QvUk/i/gJXSdewDU1kDItkwofu/JEt/2oZXTSZG
N9blq2Glrlu14E40A3CD6eQfgi4EqJXpenM3NkmKz9A6vSFsCCfKEvuE7ak+F45C
2A2V7xJkE9u5yrktbGr4s9AsH8TvKaNQwPz+UheBklSvipLaaxXA61CGnqu8JoW2
yYsy4Hn04NLAeKYOJz9vSesSTfI3XUj6G77hNekt//KRDGqGtttC8ebMy8tnSpIB
QjU8wrgHrMDn3j+xf3qJGH0KKScCAwEAAaOCBBgwggQUMB0GA1UdDgQWBBRvReGy
xkHBIsQawi/iRWVHUYE24TAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0NBOENGODhF
MTlCMjExRUY4NjlCRkE1MEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIIBoAYIKwYBBQUHAQcB
Af8EggGPMIIBizCCAWYEAgABMIIBXgMEAWcCvgMEAmcfjAMEAWcf3AMEAmcpIAME
AmddwDAMAwQAZ29FAwQDZ29AAwQBZ3OaAwQBZ3dSAwQBZ3esAwQBZ3uaAwQCZ3vg
AwQBZ3wWAwQBZ3x6AwQBZ390AwQAZ3/8AwQBZ4RkAwQCZ4YEAwQAZ47GAwQBZ48I
AwQBZ52yAwQBZ53eAwQBZ54wAwQBZ6O+AwQBZ6ewAwQBZ6vSAwQBZ6xWAwQBZ6yc
AwQBZ614AwQAZ63NAwQBZ630AwQBZ670AwQBZ688AwQBZ7MuAwQBZ7PoAwQBZ7Ps
AwQBZ7U2AwQBZ8NQAwQCZ8yEAwQBZ84aAwQBZ89aAwQBZ9BaAwQBZ9FIAwQBZ9Ss
AwQBZ9e4AwQBZ9mKAwQBZ9pqAwQBZ9q0AwQCZ9q4AwQBZ9zoAwQBZ+EeAwQBZ+F0
AwQBZ+NoAwQBZ+RIAwQBZ+VaAwQBZ/QYAwQBZ/ReAwQBbiwKMB8EAgACMBkDBwAg
AQ3yA4ADBQAkAE/gAwcAJARYwAAAMA0GCSqGSIb3DQEBCwUAA4IBAQBJOG6/R4ps
hTt2RZsKsn5tFl+/g7ApyoE1Gsxgnk2wYgyci++f0843B7Yg87clT/6Uq5fKTcBH
k3teZ+KU5tekvCn/u5uCyhwjO1zzHUB+Zb9xbVmLVVxp3zjihHrwvyLY24+WtqqK
eSFIDm/EQvtbw5mVsbDtpG9Iaa38CIrMpKpPl4goDrG3syvtm77U/CSgTJOxU3xC
bl05cQwzsg+cfasvdu/gwJNqqiTAHjOym5WdlA2q3PT0UJg1uwVlNVHOA/3CwH1y
KDb4GyaYJmnkFYDjs5z45mYwLvulxZ+BpVL9UDX93QnXhx/+yainQXaQKRZEn3q0
dUkiXth9CB3f
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:09:26 2025 by rpki-client